As you start to bring more services into Azure, expanding from pre-production and test workloads into the reals of hosting live, production environments and the number of teams and people involved in keeping the environment running grows you’ll want to make sure you have the right policies and governance in place but keeping in mind you want to stay agile and flexible.
Azure ‘Management Groups’ should form a central part of your Azure governance and management. The use of Management Groups simplifies the use of using Azure Policy and Azure RBAC (Role Based Access Control) by centralising and preventing duplication of effort, simply set the policy or RBAC on the management group and that flows down to the subscription, resource groups and resources within it.
When should I use Management Groups?
It’s probably easier to ask this the other way around, there’s simply no point in using Management Groups if you only have a single subscription as it offers no real benefit. Management groups can have 6 levels of groups (not including the default ‘root’ group) and the group can only have one parent but can have many children. You’ll want to sit down and map out what works well for you and the subscriptions you have.